491 Views 4 Replies Latest reply: Nov 7, 2013 10:35 AM by andy5340
andy5340 Newcomer 9 posts since
Jun 12, 2013

Nov 6, 2013 3:06 PM

Want to clear/reset HIP event.log via command-line

When tuning firewall policies, I run a batch file to pull log files into a single, VERY LARGE text file.

I then grep it for events with a tick time newer than whatever date I last tuned logs.

I would like to find a command-line I can employ (via psexec) that will clear the log after I've collected it.

 

Anyone have ideas or thoughts on how to execute?

 

Thanks

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010

    The only way I can think of is to use the HIPS ClientControl tool. 

     

    EDIT: Clientcontrol /stop will stop the HIPS service (disabling the protection it offers the system).

     

    1. clientcontrol.exe /stop <password>
    2. del event.log
    3. clientcontrol.exe /start

     

    There is no command line equivalent of a HIPS Activity log CLEAR that I'm aware of.

     

    Message was edited by: ktankink on 11/6/13 3:25:14 PM CST
  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    3. Nov 7, 2013 10:03 AM (in response to andy5340)
    Re: Want to clear/reset HIP event.log via command-line

    I tried clientcontrol and got the error: "The action can't be completed because the file is open in McAfee Host Intrusion Prevention Service"

    This error occurs because the HIPS service is still running (your "ClientControl.exe /stop" didn't work). Make sure you're running this in an Administrative: Command Prompt (not just a normal cmd.exe session), if on WinVista and higher.

     

    You can check the C:\ProgramData\McAfee\Host Intrusion Prevention\ClientControl.log for details.
